Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

The number of zero-day vulnerabilities discovered in 2015 jumped to 54, more than double the previous year's record-setting 24 such vulnerabilities, Symantec stated in its annual Internet Security Threat Report (ISTR) released on April 12.

The dramatic increase in zero-day vulnerabilities—defined by Symantec as software security flaws that are exploited before being patched by their vendors—is likely driven by the demand for such weaknesses. National intelligence agencies, law enforcement agencies and the military all have needs for compromising systems to gather data and evidence, or attack systems and networks.

"The trend is reflecting the professional hunters out there, looking for zero-days for fun and profit," Kevin Haley, director of security response at Symantec, told eWEEK. "Obviously, nation-states continue to look for them and buy them, and there are people who are making money selling them."

From 2006 on to 2012, the company documented only 8 to 15 zero-day vulnerabilities each year. The following two years saw approximately two dozen zero-day vulnerabilities annually, according to previous Symantec reports. The 2015 total is a 125 percent increase over the 24 zero-day vulnerabilities seen in 2014.

Further reading

It is "not really a surprise that we should see them grow, but it is a record year, far higher than we have been seeing since we started tracking them in 2006," Haley said.

Zero-day vulnerabilities, however, account for a very small portion of the security weaknesses exploited in system and network compromises. Phishing attacks, known vulnerabilities and drive-by downloads paired with malware pose far more common problems for organizations and individuals.

The number of malware variants—versions of malicious programs with unique hashes, often created through automated packers and "fully undetectable" services—climbed for the third straight year, according to Symantec's data. The number of new malware variants, as classified by Symantec's technology, jumped to 431 million in 2015, from 317 million in 2014 and 252 million in 2013. However, the number of variants is on par with previous years, such as the 430 million variants in 2012.

Underscoring that Symantec's ISTR seems to be all about the big numbers, the company also reported that 429 million records were exposed in 2015, a jump of 23 percent. Yet, more companies—85 percent more, according to the firm—decided not to report the number of records compromised in a breach.

"They are not sharing those details," Haley said. "More companies are not being transparent."

Symantec argued that if those companies issued estimates of the number of records lost, the total compromised record count would exceed a half billion in 2015.

"The fact that companies are increasingly choosing to hold back critical details after a breach is a disturbing trend," the company said in the report. "Transparency is critical to security. While numerous data sharing initiatives are underway in the security industry, helping all of us improve our security products and postures, some of this data is getting harder to collect."

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.